Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1aa38486-cd53-4f48-891d-a0191edf04a1.roa
File: 1aa38486-cd53-4f48-891d-a0191edf04a1.roa (raw, json)
Hash identifier: UREAFBKi74+E7wFm9jL/w98Q+Sy0Z11ADyOF3EFZ5dQ=
Subject key identifier: 15:0D:54:97:CF:4E:D2:58:24:AC:AE:9F:FF:6A:14:F3:51:CF:4D:1B
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 049E4A13216D80794B673630974BDBB76DF8DA94
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1aa38486-cd53-4f48-891d-a0191edf04a1.roa
Signing time: Tue 21 Oct 2025 13:41:14 +0000
ROA not before: Tue 21 Oct 2025 13:41:14 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:90c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:9e:4a:13:21:6d:80:79:4b:67:36:30:97:4b:db:b7:6d:f8:da:94
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:41:14 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=d0a3e2b80d270716460463cf01d083ec7fb30577c6a580bf5ff07c12302ef6d6, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:77:c0:20:63:f1:64:7d:a0:04:f7:b2:9e:bc:
de:cf:f8:87:7d:e4:c9:43:f0:1b:e1:eb:97:0b:ed:
1a:c9:14:7c:b2:cf:ed:cd:7d:21:6f:4d:b0:50:83:
9d:a2:1f:22:38:a0:68:3b:cd:86:84:b4:41:53:67:
e1:4c:84:14:9a:8c:3a:f2:ea:11:61:17:30:3b:d5:
00:7e:1f:c9:06:6f:18:32:08:32:86:a1:7b:df:d1:
66:30:1c:72:6a:86:4a:bf:6f:e6:75:09:80:b4:6e:
ff:ae:8e:a7:f3:08:fb:45:d4:71:07:82:27:b4:15:
27:f6:42:97:82:fa:ea:24:e2:20:f7:e7:f3:01:73:
4c:de:4f:2a:e3:1c:00:2e:5d:1c:38:12:57:f2:e4:
aa:f8:b6:3e:ab:af:1a:45:a6:47:26:47:84:39:61:
85:34:0d:fe:ff:73:97:f1:3f:8d:04:a1:cb:bf:d3:
1a:c8:6f:50:3d:15:d7:e1:f4:5c:7f:95:fe:37:6d:
f5:05:7b:92:e8:4e:dc:b2:99:e2:92:fe:99:9d:b9:
f5:10:93:80:a1:7f:88:cf:98:44:97:d6:2e:6a:c0:
3b:ce:3c:2f:81:e1:93:c0:87:29:75:08:27:04:78:
ad:5d:1e:7b:fa:2f:1a:85:0a:37:0c:06:72:9e:9c:
7f:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:0D:54:97:CF:4E:D2:58:24:AC:AE:9F:FF:6A:14:F3:51:CF:4D:1B
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1aa38486-cd53-4f48-891d-a0191edf04a1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:90c0::/48
Signature Algorithm: sha256WithRSAEncryption
06:9c:f4:5c:08:e3:f9:26:72:7c:cc:25:6b:9c:ac:e7:bd:ec:
00:ce:45:4a:bd:17:5f:a5:8f:0b:3e:72:b0:1c:65:20:bd:f3:
90:07:a1:22:9a:dd:68:7e:7c:35:17:9b:67:88:d5:fd:74:2a:
fb:e6:12:d8:af:af:cd:6c:0b:0a:af:7b:fc:76:ff:2c:68:55:
01:65:68:05:d6:6c:2d:2c:42:e5:fe:6f:71:c5:f3:42:88:b1:
55:d9:2d:d3:8f:97:49:08:b8:c8:47:da:94:60:60:b7:de:c8:
59:36:c7:23:c5:52:51:8b:af:49:a6:f8:6d:29:1b:6e:50:95:
44:a9:b7:56:af:7f:9c:80:c0:64:1e:91:bc:ac:90:50:fe:16:
c4:0d:1b:8d:10:32:dc:e9:3e:47:6e:dc:a0:18:95:1c:02:b4:
b7:5a:f0:7a:01:ec:d9:a2:1e:db:ed:97:1c:ce:a9:f1:9b:9e:
46:d8:a6:f5:2f:88:b3:1d:0e:0f:8c:c8:79:0f:a0:9c:fc:96:
d3:e5:05:60:6d:c6:48:d7:1a:d2:bf:c3:a1:f1:ce:86:7b:98:
50:02:82:13:57:0d:eb:bb:cc:4c:0d:c5:c6:a7:0a:74:d2:c4:
6a:e1:e1:b0:ca:94:9f:0e:67:8e:a2:df:be:b1:c3:4f:6d:b4:
9d:97:70:f3
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUBJ5KEyFtgHlLZzYwl0vbt2342pQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzQxMTRaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGQwYTNlMmI4MGQyNzA3MTY0NjA0NjNjZjAxZDA4M2VjN2ZiMzA1NzdjNmE1
ODBiZjVmZjA3YzEyMzAyZWY2ZDYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALJ3wCBj8WR9oAT3sp683s/4h33kyUPwG+HrlwvtGskUfLLP7c19IW9NsFCD
naIfIjigaDvNhoS0QVNn4UyEFJqMOvLqEWEXMDvVAH4fyQZvGDIIMoahe9/RZjAc
cmqGSr9v5nUJgLRu/66Op/MI+0XUcQeCJ7QVJ/ZCl4L66iTiIPfn8wFzTN5PKuMc
AC5dHDgSV/Lkqvi2PquvGkWmRyZHhDlhhTQN/v9zl/E/jQShy7/TGshvUD0V1+H0
XH+V/jdt9QV7kuhO3LKZ4pL+mZ259RCTgKF/iM+YRJfWLmrAO848L4Hhk8CHKXUI
JwR4rV0ee/ovGoUKNwwGcp6cf6kCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQVDVSX
z07SWCSsrp//ahTzUc9NGzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWFhMzg0ODYtY2Q1My00ZjQ4LTg5MWQtYTAxOTFlZGYwNGExLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ACQ
wDANBgkqhkiG9w0BAQsFAAOCAQEABpz0XAjj+SZyfMwla5ys573sAM5FSr0XX6WP
Cz5ysBxlIL3zkAehIprdaH58NRebZ4jV/XQq++YS2K+vzWwLCq97/Hb/LGhVAWVo
BdZsLSxC5f5vccXzQoixVdkt04+XSQi4yEfalGBgt97IWTbHI8VSUYuvSab4bSkb
blCVRKm3Vq9/nIDAZB6RvKyQUP4WxA0bjRAy3Ok+R27coBiVHAK0t1rwegHs2aIe
2+2XHM6p8ZueRtim9S+Isx0OD4zIeQ+gnPyW0+UFYG3GSNca0r/DofHOhnuYUAKC
E1cN67vMTA3FxqcKdNLEauHhsMqUnw5njqLfvrHDT220nZdw8w==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:19:27 2025 by rpki-client